# ABB Busch-Welcome Door Opener Actuators Vulnerable to Unauthorized Physical Access
**ABB**'s Busch-Welcome 2-Wire Door Opener Actuators are facing a critical vulnerability that could allow unauthorized physical access to buildings. The flaw, stemming from an authentication bypass, impacts multiple versions of the actuator and poses a significant risk to commercial facilities worldwide.
## ABB Busch-Welcome Door Opener Actuator Vulnerability: CVE-2025-7705
A critical vulnerability has been identified in **ABB**'s Busch-Welcome 2-Wire Door Opener Actuator, potentially allowing attackers to gain unauthorized physical access to buildings where the product is installed. The vulnerability is tracked as **CVE-2025-7705**.
### Vulnerability Details
The issue stems from an authentication bypass due to a compatibility mode being enabled by default. This allows attackers to circumvent security measures and potentially manipulate the door opener system.
* **Affected Products:**
  * Switch Actuator 4 DU -83330 - All Versions
  * Switch actuator, door/light 4 DU -83330-500 - All Versions
* **Vendor:** **ABB**
* **CWE:** CWE-489 Active Debug Code
### Impact
A successful exploit of this vulnerability could lead to unauthorized physical access to buildings, potentially resulting in theft, vandalism, or other malicious activities. The affected actuators are commonly used in commercial facilities, making them a prime target for attackers.
### Mitigation
**ABB** recommends that users double-check the system handbook of their Busch-Welcome® two-wire system for the security advice on correct installation.
**CISA** recommends the following general security practices:
* Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
* Locate control system networks and remote devices behind firewalls and isolate them from business networks.
* When remote access is required, use more secure methods, such as Virtual Private Networks (**VPNs**), recognizing that **VPNs** may have vulnerabilities and should be updated to the most recent version available. Also recognize that a **VPN** is only as secure as its connected devices.
### Reporting
Organizations observing suspected malicious activity should follow established internal procedures and report findings to **CISA** for tracking and correlation against other incidents.
### References
* [CISA Advisory](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-04.json)
* [CVE-2025-7705](https://www.cve.org/CVERecord?id=CVE-2025-7705)